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DETAILED ACTION 

• Applicant's amendment filed on 3/23/2009 has been entered. Applicant has 
amended claims 1, 2, 6, 7, 9, 12, 17, and 23 and canceled claim 13. Currently 
claims 1, 2, 6-12, 14, 17-27 and 29-34 are pending in this application. 

• Examiner acknowledges clarification of claim language of claim(s) 23-27 and 29- 
30 to overcome rejection under 35 U.S.C 101 . As a result, all rejections under 
U.S.C 101 are withdrawn. 



Response to Arguments 

1 . Applicant's arguments with respect to claims 1 , 12, 17, and 23 have been 
considered but are moot in view of the new ground(s) of rejection and further in view of 
different interpretation of England reference. 



Claim Rejections - 35 USC § 103 



2. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



Claims 17-21, 23-24, 26-27, and 29-30 are rejected under 35 U.S.C. 103(a) as 



being unpatentable over England in view of Olsen (US 5,758,069), hereinafter "Olsen". 
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Regarding Claim 17, England discloses a method of specifying constraints on 
the use of a software object, the method comprising: 

creating a specification that permits a vendor to specify what may be loaded into 
an address space of the software a computer in which object is to be executed, the 
specification referring to one or more components that are external to the software and 
external to the specification (see, Column 18, lines 39-54 and also abstract); 

including, in a manifest (see, Column 10, lines , 14-25, access predicate + 
license), data from one of said one or more components (see, Column 18, lines 39-54); 
or 

distributing the generated manifest together with the software object, thereby 
ensuring a secure address space for executing the software object (see, Fig. 2, 
Numeral 220). 

England discloses a manifest but does not explicitly disclose generating a 
manifest based on specification. 

However, Olsen discloses creating a description that specifies requirements that 
are to be embodied in a manifest; and providing the description to a manifest generation 
tool that reads the description and generates the vendor-provided manifest based on 
the requirements (see, Column 8, lines 52-64). 

Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to generate, the license of England, using the description that 
specifies requirements of England using license generation tool as taught by Olsen so 
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that the license can then be distributed by the software vendor of England with the 
software. 

Regarding Claim 18, the rejection of claim 17 is incorporated and the 
combination of England and Olsen further discloses wherein said one or more 
components comprises a module, wherein said specification indicates either that said 
module may be loaded into said address space or that said module may not be loaded 
into said address space (see, Column 10, lines 14-24 and Column 18, line 55 - Column 
19, line 9), and wherein said manifest generation tool including an identifier of said 
module in said manifest (see, Olsen, Column 10, lines 12-30). 

Regarding Claim 19, the rejection of claim 17 is incorporated and the 
combination of England and Olsen further discloses wherein said one or more 
components comprise a key, wherein said specification indicates either that modules 
signed with said key may be loaded into said address space or that modules signed 
with said key may not be loaded into said address space (see, Column 10, lines 41-51), 
and wherein said manifest generation tool retrieves said key from a file identified in said 
specification, and includes a certificate for said key in said manifest (see, Olsen, 
Column 10, lines 12-30). 

Regarding Claim 20, the rejection of claim 17 is incorporated and the 
combination of England and Olsen further discloses wherein said manifest generation 
tool creates an intermediate data structure representative of said specification, and 
generates said manifest based on said intermediate data structure (see, Olsen, Column 
8, lines 52-64).. 
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Regarding Claim 21, the rejection of claim 17 is incorporated and the 
combination of England and Olsen further discloses wherein receiving a key from 
further comprising: 

receiving a key associated with a vendor or distributor of the software; signing 
said manifest with said to produce a digital signature; and including said digital 
signature in said manifest (see, Olsen, Column 10, lines 12-30). 

Regarding Claim 23, England discloses a system comprising a processor for 
generating a manifest, the system comprising: 

requirements relating to what may be loaded into an address space of a software 
object, said specification referring to one or more components external to said software 
and external to said specification (see, Column 18, lines 39-54 and also abstract); and 

included in said manifest information contained in, or computed based on, said 
one or more components (see, Column 18, lines 39-54), the manifest configured to 
interoperate with a security component (see, Column 8, lines 56-65, Column 9, lines 11- 
15, "DDMOS") that imposes a permeable barrier for selectively allowing acceptable 
modules to be loaded into the software space of the software object and blocking 
unacceptable modules from being loaded into the software space thereby preventing 
unauthorized tampering of the one or more components (see, Column 8, lines 56-65, 
Column 9, lines 11-15, "DDMOS" and also see abstract). 

England does not explicitly disclose a first parser configured to receive a 
manifest specification indicative of requirements for a manifest, the first parser 
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generating a representation of said requirements and a first manifest generator that 
generates a manifest based on said representation. 

However, Olsen discloses a parser configured to receive a manifest specification 
indicative of requirements for a manifest, the first parser generating a representation of 
said requirements and a first manifest generator that generates a manifest based on 
said representation (see, Column 8, lines 52-64). 

Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to generate, the license of England, using the description that 
specifies requirements of England using license generation tool as taught by Olsen so 
that the license can then be distributed by the software vendor of England with the 
software. 

Regarding Claim 24, the rejection of claim 23 is incorporated and the 
combination of England and Olsen further discloses wherein said one or more 
components comprise a module, and wherein said first manifest generator generates 
said manifest by including, in said manifest, a datum that identifies said module (see, 
Column 10, lines 14-25). 

Regarding Claim 26, the rejection of claim 23 is incorporated and the 
combination of England and Olsen further discloses wherein said one or more 
components comprise a key, wherein said specification indicates either that acceptable 
modules signed with said key may be loaded into said address space or that 
unacceptable modules signed with said key may not be loaded into said address space 
(see, Column 10, lines 14-24 and Column 18, line 55 - Column 19, line 9), and wherein 
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said first manifest generator retrieves said key from a file identified in said specification 
and includes said key in said manifest (see, Olsen, Column 10, lines 12-30). 

Regarding Claim 27, the rejection of claim 23 is incorporated and the 
combination of England and Olsen further discloses wherein said first manifest 
generator generates a digital signature for said manifest by signing said manifest with a 
key associated with a vendor or distributor of said software object, and includes said 
digital signature in said manifest (see, Olsen, Column 10, lines 12-30).. 

Regarding Claim 29, the rejection of claim 23 is incorporated and the 
combination of England and Olsen further discloses a second parser that receives a 
manifest specification indicative of requirements for a manifest, the second parser 
generating a representation of said requirements in the same format as said first parser 
(see, Column 18, line 55- Column 19, line 1), wherein said first parser parses 
specifications in a first format and second parser parses specifications in a second 
format different from said first format, and wherein first manifest generator generates 
said manifest based on a representation produced either by said first parser or said 
second parser (see, Column 19, lines 45-53). 

Regarding Claim 30, the rejection of claim 23 is incorporated and the 
combination of England and Olsen further discloses a second manifest generator that 
generates a manifest based on said representation, wherein said first manifest 
generator generates a manifest in a first format and second manifest generator 
generates a manifest in a second format different from said first format (see, Column 
19, lines 54-61 and Olsen, Column 8, lines 52-64)). 
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Claims 1-2, 6-10, 12, 14, 25, and 31-34 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over England in view of Olsen and further in view of Jensenworth et 
al. (US 6,279,1 1 1 ), "Jensenworth". 

Regarding Claim 1, England discloses a method of generating a vendor-provided 
manifest that governs the execution of a software object distributed by the vendor, the 
method comprising: 

accessing manifest (see, Fig. 2, Numeral 222 + Numeral 223, and also see, 
Column 10, lines 14-25), comprising one or more rules imposed by the vendor for 
ensuring integrity of an address space that is used in a computer for executing the 
software object (see, Column 10, lines 14-25 and Column 19, lines 45-53), the one or 
more rules incorporating a list of acceptable modules (see, Column 10, lines 14-25) 
wherein acceptable modules may be executed in the address space of the computer 
and the unacceptable modules are unconditionally barred from being executed in the 
address space of the computer (see abstract). 

England discloses a manifest but does not explicitly discloses creating a 
description that specifies requirements that are to be embodied in the vendor-provided 
manifest; and providing the description to a manifest generation tool that reads the 
description and generates the vendor-provided manifest based on the requirements. 

However, Olsen discloses creating a description that specifies requirements that 
are to be embodied in a manifest; and providing the description to a manifest generation 
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tool that reads the description and generates the vendor-provided manifest based on 
the requirements (see, Column 8, lines 52-64). 

Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to generate, the license of England, using the description that 
specifies requirements of England using license generation tool as taught by Olsen so 
that the license can then be distributed by the software vendor of England with the 
software. 

England discloses that the manifest comprises the list of acceptable modules but 
does not explicitly disclose the list of unacceptable modules to be included in the 
license. 

However, Jensenworth discloses a manifest comprising the list of unacceptable 
modules (see, Column 5, lines 50-67 and Column 12, lines 1-9). 

Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to include, in the license of England, a list of unacceptable 
modules so that the access to the content of England can be barred explicitly from 
these unacceptable modules. 

Regarding Claim 2, the rejection of claim 1 is incorporated and the combination 
of England, Olsen and Jensenworth further discloses wherein said description identifies 
the acceptable and unacceptable modules, and wherein generating the manifest 
comprises including, in said manifest, the identities of the acceptable and unacceptable 
modules identified in the description (see, England, Column 10, lines 14-25 and Olsen, 
See Column 8, lines 52-64). 



Application/Control Number: 10/658,149 Page 10 

Art Unit: 2435 

Regarding Claim 6, the rejection of claim 2 is incorporated and the combination 
of England, Olsen and Jensenworth further discloses wherein said specification 
indicates whether said manifest will contain hashes for identifying the unacceptable 
modules (see, Jensenworth, Column 7, lines 33-44). 

Regarding Claim 7, the rejection of claim 1 is incorporated and the combination 
of England, Olsen and Jensenworth further discloses wherein at least one of said 
acceptable modules comprises a key, and wherein said specification indicates that the 
at least one of said acceptable modules signed with said key may be loaded into said 
address space (see, Column 10, lines 41-51) and wherein generating said manifest 
comprises: retrieving said key from a file identified in said specification; and including 
said key in said manifest (see Column 14, lines 58-67). 

Regarding Claim 8, the rejection of claim 1 is incorporated and the combination 
of England, Olsen and Jensenworth further discloses wherein generating said manifest 
comprises: 

Computing a hash of at least one of said unacceptable module and including said 
hash in said manifest (see, Jensenworth, Column 7, lines 33-44). 

Regarding Claim 9, the rejection of claim 1 is incorporated and the combination 
of England, Olsen and Jensenworth further discloses wherein said generating act 
comprises: based on said description, creating a data structure representative of said 
description; and generating said manifest based on said data structure (see, Olsen, 
Column 8, lines 52-64). 
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Regarding Claim 10, the rejection of claim 1 is incorporated and the combination 
of England, Olsen and Jensenworth further discloses receiving a key associated with a 
vendor or distributor of said software object; signing said manifest with said key to 
produce a digital signature; and including said digital signature in said manifest (see, 
Olsen, Column 10, lines 12-30). 

Regarding Claim 12, England discloses a computer-readable medium encoded 
with computer-executable instructions to perform a method of generating a manifest that 
governs the execution of a software object distributed by a vendor, the method 
comprising: 

parsing a specification of requirements to be included in the manifest (see, 
Column 19, lines 45-53), the requirements comprising a vendor-specified policy 
configured to preclude loading of a rogue module into an address space of a computer 
in which the software object is to be executed (see, Column 18, lines 39-54 and also 
abstract); 

accessing one or more components that are identified by the specification and 
that are external to the specification, the one or more components including an 
executable module (see, Column 18, lines 39-54); and 

accessing a manifest based on at least one of the accessed objects and 
including in said manifest an identification of said executable module and an indication 
that said executable module may be loaded into said address space (see, Column 18, 
lines 39-54, and column 10, lines 14-25). 
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England discloses a manifest but does not explicitly disclose generating a 
manifest based on specification. 

However, Olsen (US 5,758,069) discloses creating a description that specifies 
requirements that are to be embodied in a manifest; and providing the description to a 
manifest generation tool that reads the description and generates the vendor-provided 
manifest based on the requirements (see, Column 8, lines 52-64). 

Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to generate, the license of England, using the description that 
specifies requirements of England using license generation tool as taught by Olsen so 
that the license can then be distributed by the software vendor of England with the 
software. 

England discloses that the manifest comprises the list of acceptable modules but 
does not explicitly disclose an indication that said executable module may not be loaded 
into said address space. 

However, Jensenworth et al. (US 6,279,111) discloses a manifest comprising the 
list of unacceptable modules (see, Column 5, lines 50-67 and Column 12, lines 1-9). 

Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to include, in the license of England, a list of unacceptable 
modules so that the access to the content of England can be barred explicitly from 
these unacceptable modules. 

Regarding Claim 14, the rejection of claim 12 is incorporated and the 
combination of England, Olsen and Jensenworth further discloses wherein said rouge 
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module is operative to perform an unauthorized operation on the one or more 
components (see, Column 9, lines 16-29 and Column 18, lines 39-54). 

Regarding Claim 25, the rejection of claim 24 is incorporated and the 
combination of England and Olsen does not explicitly disclose wherein said datum 
comprises a hash of said module. 

Jensenworth discloses datum comprising a hash of said module (see, 
Jensenworth, Column 7, lines 33-44). 

Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to include, in the certificate of England, a datum comprising a 
hash of said module as taught by Jensenworth so that the hash included in the license 
can be matched with the hash of the application prior to granting access to the 
application. 

Regarding Claims 31 and 32, the rejection of claim 1 is incorporated and the 
combination of England, Olsen and Jensenworth does not disclose wherein at least one 
of the unacceptable modules is identified in the list by a version number or a range of a 
version numbers. 

However England in the same reference discloses identifying modules in the list 
by a range of version numbers (see, Column 9, lines 20-27). 

Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to identify, in the license of England as modified by 
Jensenworth, unacceptable modules by the range of version numbers as applied by 
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England to it's right management certificate so that the same name software can be 
divided into acceptable or unacceptable modules based on the version information. 

Regarding Claim 33, the rejection of claim 12 is incorporated and the 
combination of England, Olsen and Jensenworth and further discloses wherein the 
policy comprises an identity of an unacceptable module that is unconditionally barred 
from being executed in the address space of the software object (see, England, Column 
9, lines 11-29 as combined with Jensenworth, Column 5, lines 50-67 and Column 12, 
lines 1-9). 

Regarding Claim 34, the rejection of claim 33 is incorporated and the 
combination of England, Olsen and Jensenworth further discloses wherein the 
unacceptable module is identified in the policy by a hash identifier (see, Jensenworth, 
Column 7, lines 33-44). 

Claim 11 is rejected under 35 U.S.C. 103(a) as being unpatentable over England 
in view of Olsen, Jensenworth and further in view of Watanabe et al. (US 2002/01 08041 
A1 ), hereinafter Watanabe. 

Regarding Claims 11, the rejections of claim 1 is incorporated and the 
combination of England, Olsen and Jensenworth discloses signing a manifest using the 
private key of the vendor or distributor. The combination does not explicitly discloses 
using hardware security module to sign manifest, said hardware security module being 
adapted to apply a key associated with a vendor or distributor of said software object 
without revealing said key outside said hardware security module. 
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However, Watanabe, in the same field of endeavor of cryptography, discloses 
signing digital document with private key of the signing party without revealing private 
key outside hardware security module (Paragraph 0195, One of the approaches to 
solve the problems of security assurance and enhanced computing speed is the use of 
a hardware security module (HSM) in holding the signature keys (or private keys) and 
executing signature processing.") 

Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to use in the system of England, during a creation of 
cryptographic envelopes, use a hardware security module, as taught by Watanabe to 
provider highly temper resistant and security for the private key of the vendor 
(Watanabe, Paragraph 0195) 

Claim 22 is rejected under 35 U.S.C. 103(a) as being unpatentable over England 
in view of Qlsen and further in view of Watanabe et al. (US 2002/01 08041 A1 ), 
hereinafter Watanabe. 

Regarding Claims 22, the rejections of claim 17 is incorporated and the 
combination of England and Olsen discloses signing a manifest using the private key of 
the vendor or distributor. The combination does not explicitly discloses using hardware 
security module to sign manifest, said hardware security module being adapted to apply 
a key associated with a vendor or distributor of said software object without revealing 
said key outside said hardware security module. 
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However, Watanabe, in the same field of endeavor of cryptography, discloses 
signing digital document with private key of the signing party without revealing private 
key outside hardware security module (Paragraph 0195, One of the approaches to 
solve the problems of security assurance and enhanced computing speed is the use of 
a hardware security module (HSM) in holding the signature keys (or private keys) and 
executing signature processing.") 

Therefore, it would have been obvious at the time the invention was made to one 
of ordinary skill in the art to use in the system of England, during a creation of 
cryptographic envelopes, use a hardware security module, as taught by Watanabe to 
provider highly temper resistant and security for the private key of the vendor 
(Watanabe, Paragraph 0195). 

Conclusion 

1 . Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See M PEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
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extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to YOGESH PALIWAL whose telephone number is 
(571)270-1807. The examiner can normally be reached on M-F: 7:30 AM - 5:00 PM 
EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Y. P.I 

Examiner, Art Unit 2435 
/Kimyen Vu/ 

Supervisory Patent Examiner, Art Unit 2435 



